Additional Disaster Recovery Planning, Testing, and Training Are Needed for Data Communications

April 2004

Reference Number: 2004-20-079

This report has cleared the Treasury Inspector General For Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

DEPARTMENT OF THE TREASURY
WASHINGTON, D.C. 20220

INSPECTOR GENERAL for TAX ADMINISTRATION

April 9, 2004

MEMORANDUM FOR CHIEF INFORMATION OFFICER

FROM: Gordon C. Milbourn III
Acting Deputy Inspector General for Audit

SUBJECT: Final Audit Report - Additional Disaster Recovery Planning, Testing, and Training Are Needed for Data Communications (Audit # 200320019)

This report presents the results of our review of the telecommunications disaster recovery strategy. The overall objective of this review was to determine whether the Internal Revenue Service (IRS) developed and tested an effective telecommunications disaster recovery strategy.

To allow users and taxpayers fast and efficient access to applications and services, the IRS must have a robust, responsive telecommunications infrastructure that provides high-speed, high-availability network connectivity.
The IRS Enterprise Networks organization is responsible for managing the design and engineering of the telecommunications environment, which includes approximately 181,500 network devices and 1,200 network connection addresses.

In summary, the IRS has implemented several measures to create a robust and resilient network architecture to support continuous data communications. For example, it has made significant upgrades to its data communications network, including redundant connections and diverse data traffic routing for key facilities, and standardization and redundancy in network hardware. The IRS has also taken additional measures at its facilities to reduce the vulnerability of the network, including off-premises storage of network documentation, network system backups, installation of an uninterruptible power supply, and identification and reduction of single points of failure within the network. In addition, the Enterprise Networks organization has ongoing projects to evaluate its data communications network to improve and upgrade the infrastructure, while at the same time trying to reduce network operations costs. However, additional actions could further improve the disaster recovery strategy for data communications.

While each of the four facilities we visited prepared a disaster recovery plan for data communications and stored the plan at its off-premises location, the plans did not contain all of the required components and sufficient training had not been conducted for the disaster recovery teams. Inadequate disaster recovery plans and training for the disaster recovery personnel diminish the assurance that the IRS can rapidly recover data communications at a site in an emergency and that the disaster recovery activities can be conducted efficiently.
In addition, the plans had not been comprehensively exercised. While the day-to-day operational measures taken by management and staff in response to daily data communications interruptions may diminish the need for testing system restoration, exercising the remaining plan elements, such as plan activation and team member notification and reporting procedures, would improve the site’s ability to recover timely.

Presidential Decision Directive 63, Critical Infrastructure Protection (CIP),¹ dated May 1998, requires that each Federal Government department and agency prepare a plan for protecting its own critical infrastructure. The infrastructure includes systems essential to the minimum operations of the economy and the Federal Government, such as telecommunications, banking and finance, energy, and transportation. As part of its CIP Program, the IRS identified 19 critical assets, which included the data communications network. The IRS also completed a vulnerability assessment in November 2000 for each of the critical assets. However, the IRS has not completed the disaster recovery planning and risk management activities for data communications, which could result in the inability of the IRS to timely restore critical data communications in the event of a disaster, potentially affecting the IRS’ ability to accomplish its mission and serve taxpayers.

Lastly, the IRS engaged a vendor to assess the old network, propose a new network design, and provide cost estimates for a new network. The vendor concluded that the proposed design and configuration presented the least amount of complexity and cost while delivering the maximum level of capabilities and benefits, including alternate routing access and recovery.
However, the IRS did not prepare a formal cost-benefit analysis which may have resulted in the IRS not selecting the most feasible or cost-effective data communications network design and recovery strategy that would support the needs of the business units. In addition, our site survey results showed that a bi-directional ring² connecting the Campus³ and Territory Office⁴ in Atlanta was not being used as advantageously as possible. For example, the Territory Office currently does not use the bi-directional ring for routing its data traffic; instead, the data are being sent over a separate circuit. By implementing a solution that would permit the Territory Office to shift its data traffic to the bi-directional ring, management could remove the circuit and realize potential cost savings of $315,000⁵ over 5 years.

¹ Homeland Security Presidential Directive 7, Critical Infrastructure Identification, Prioritization, and Protection, issued December 17, 2003, superseded Presidential Decision Directive 63 and requires Federal agencies to identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the disruption or destruction of information.
² A bi-directional ring topology reroutes traffic in the other direction if the circuit is cut.
³ The data processing arm of the IRS. The campuses process paper and electronic submissions, correct errors, and forward data to the computing centers for analysis and posting to taxpayer accounts.
⁴ Territory Offices serve taxpayers within a specified geographical area.

We recommended the Chief, Information Technology Services, ensure each site reviews the disaster recovery plan for completeness and accuracy quarterly or whenever significant changes occur to any plan element, periodically trains employees in their disaster recovery roles and responsibilities, and performs at least one exercise of each disaster recovery plan element annually. In addition, we recommended the Chief, Information Technology Services, complete the additional disaster recovery and risk management measures outlined in the IRS’ CIP Program for the data communications network, ensure a cost-benefit analysis is prepared for projects redesigning the network architecture that result in a significant investment, and ensure the current IRS project tasked with optimizing the data communications network also assesses the use of the bi-directional rings.

Management’s Response: IRS management agreed to the recommendations presented in the report. Planned corrective actions include performing quarterly reviews of the disaster recovery plans, conducting yearly training sessions and disaster recovery tests, and identifying critical points of failure within the local area networks. Enterprise Networks organization management will include the names, responsible program areas, and contact numbers in site-specific disaster recovery plans. All future risk assessments of the network(s) will be processed under the Treasury Communications Enterprise managed services contract.
In addition, Enterprise Networks organization management will develop a suite of business case and alternative analysis processes for evaluating significant investment projects and will include an evaluation of bi-directional rings when optimizing the data communications network. Management’s complete response to the draft report is included as Appendix VII.

Copies of this report are also being sent to the IRS managers affected by the report recommendations. Please contact me at (202) 622-6510 if you have questions or Margaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs), at (202) 622-8510.

⁵ The potential cost savings of $315,000 would be reduced by any additional costs to implement the solution.

Table of Contents

Background
Several Measures Have Been Taken to Deliver Uninterrupted Data Communications
Improved Site Disaster Recovery Plans and Increased Testing and Training Are Needed for Data Communications
    Recommendation 1
    Recommendations 2 and 3
The Data Communications Network Requires Additional Disaster Recovery and Risk Management Measures
    Recommendation 4
Significant Investments to Enhance Network Availability and Recovery Capability Should Require a Cost-Benefit Analysis
    Recommendations 5 and 6
Appendix I – Detailed Objective, Scope, and Methodology
Appendix II – Major Contributors to This Report
Appendix III – Report Distribution List
Appendix IV – Outcome Measures
Appendix V – Status of Additional Measures by Site to Ensure Uninterrupted Data Communications
Appendix VI – Status of Site Disaster Recovery Plans for Data Communications
Appendix VII – Management’s Response to the Draft Report

Background

One of the Internal Revenue Service’s (IRS) major strategies contained in the IRS Strategic Plan Fiscal Years 2000-2005 is to provide high-quality, efficient, and responsive information services.
This strategy includes building a robust, responsive telecommunications infrastructure that provides high-speed, high-availability network connectivity to allow users and taxpayers fast and efficient access to authorized IRS applications and services. The IRS Enterprise Networks organization is responsible for managing the design and engineering of the telecommunications environment, which includes approximately 181,500 network devices and 1,200 network connection addresses.

To ensure network availability, controls should be implemented that are designed both to prevent interruptions and to promptly recover data communications service should unexpected events occur. Business continuity planning is the process of establishing, testing, and maintaining policies, procedures, and physical resources to effect the timely resumption of critical business processes in the event of a disaster.
A key component of business continuity planning is disaster recovery planning, which is the advance planning and preparations from a technology aspect that are necessary to minimize loss and ensure continuity of the critical business functions.

In the IRS-Wide Business Continuity Planning – Case for Action, dated November 30, 2001, the IRS reported weaknesses in its ability to perform disaster recovery. For example, the IRS reported that many of its business continuity plans were not tested and updated on a regular basis. In December 2002, we reported that the IRS had made substantial progress in its business continuity program.¹ Activities initiated by the IRS included increasing the visibility and management oversight of business continuity issues, improving physical security at its offices, and developing plans to improve the recovery capability of its mainframe computers.
However, the General Accounting Office (GAO) reported in May 2003 that the IRS had not developed disaster recovery plans for certain key systems at some facilities and had not tested the plans at other facilities.² A disaster recovery plan defines the resources, actions, tasks, and data required to manage the restoration process for an application or system within the stated disaster recovery goals, thereby minimizing the effects of a major disruption.

¹ The Internal Revenue Service Has Made Substantial Progress in Its Business Continuity Program, but Continued Efforts Are Needed (Reference Number 2003-20-026, dated December 2002).

This review was performed in the Enterprise Networks office at the IRS National Headquarters in New Carrollton, Maryland; the Tennessee Computing Center (TCC)³ in Memphis, Tennessee; the Martinsburg Computing Center (MCC) in Martinsburg, West Virginia; and the IRS Campus⁴ and Territory Office⁵ in Atlanta, Georgia, during the period September through December 2003.
The audit was conducted in accordance with Government Auditing Standards. Detailed information on our audit objective, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.

² Information Security: Progress Made, but Weaknesses at the Internal Revenue Service Continue to Pose Risks (Reference Number GAO-03-44, dated May 2003).
³ IRS computing centers support tax processing and information management through a data processing and telecommunications infrastructure.
⁴ The data processing arm of the IRS. The campuses process paper and electronic submissions, correct errors, and forward data to the computing centers for analysis and posting to taxpayer accounts.
⁵ Territory Offices serve taxpayers within a specified geographical area.

Several Measures Have Been Taken to Deliver Uninterrupted Data Communications

Maintaining uninterrupted data communications is critical to the IRS to accomplish its mission of providing top-quality service to taxpayers. As a result, the IRS has implemented several measures to create a robust and resilient network architecture to support continuous data communications. As reflected in the Data Communications Utility (DCU) Network Border Router Configuration and Redundancy Design, dated April 2000, and the Infrastructure Architecture Modernization Assessment, dated February 2002, the IRS has made significant upgrades to its network including:

• Implementation of Asynchronous Transfer Mode (ATM)⁶ as the backbone⁷ transport.
• Redundant connections between IRS campuses and computing centers.
• The use of bi-directional ring topology⁸ and microwave⁹ to provide diverse and redundant data traffic routing for the computing centers.
• Standardization and redundancy in network hardware at each of the border router locations.

The results of our site visits to four IRS facilities also reflected that additional measures were being taken to reduce the vulnerability of the data communications network at those sites. Detailed information on our site visits is presented in Appendix V.
These measures included off-premises storage of network documentation, network system backups, installation of an uninterruptible power supply, and identification and reduction of single points of failure within the network. In addition, the sites maintained some spare parts for network equipment and had service level agreements with vendors for repairs. The Enterprise Networks organization also has ongoing projects to evaluate its data communications network to improve and upgrade the infrastructure, while at the same time trying to reduce network operations costs.

Improved Site Disaster Recovery Plans and Increased Testing and Training Are Needed for Data Communications

Office of Management and Budget (OMB) Circular A-130, Security of Federal Automated Information Resources, requires that agency plans assure they can recover and provide sufficient service to meet the minimal user needs of the system in the event of a disaster. Disaster recovery is the ability to respond to an interruption in services by implementing a disaster recovery plan to restore an organization’s critical business functions.
The IRS Internal Revenue Manual (IRM) contains specific requirements for developing a disaster recovery plan for all mission critical systems at each facility. The IRS has also developed a disaster recovery plan template to assist site management in the development of their respective plans.

⁶ The ATM is a high-speed, cell-switching network technology that handles data, real-time video, and voice.
⁷ A segment of the network used to connect smaller segments of the network.
⁸ A bi-directional ring topology reroutes traffic in the other direction if the circuit is cut.
⁹ Microwave is a point-to-point, free-space technology providing an alternative to a fiber-based network.

Major components of a site’s disaster recovery plan for data communications should include an overview of the disaster recovery strategy, recovery team information, notification procedures, network/circuit diagrams, hardware and software inventory, system backup requirements, off-premises storage information, and a telephone listing of external contacts such as vendors and suppliers.
The disaster recovery plan should also contain recovery priorities and step-by-step restoration procedures to prevent difficulty or confusion in an emergency. The IRM stipulates that each site store a complete copy of the plan in both magnetic media and hard copy at the off-premises storage facility for that site.

The IRM also contains requirements for maintaining and testing the disaster recovery plans to assure the system can be recovered in a timely manner. To be effective, the plan must be reviewed and updated regularly since frequent changes can occur with the names and contact information for team members and with system requirements and procedures as a result of shifting business needs and technology upgrades. Therefore, the IRM requires that the plan be reviewed quarterly, tested annually, and updated as needed to provide for the reasonable restoration of operations. According to the National Institute of Standards and Technology (NIST),¹⁰ testing of the disaster recovery plan should include exercising each plan element to identify planning gaps and address plan deficiencies, thereby improving plan effectiveness and overall agency preparedness.
The disaster recovery personnel should also be trained at least annually to prepare them to execute their respective recovery procedures during plan activation.

¹⁰ The NIST is an organization within the United States Department of Commerce that is responsible for setting security standards for the nondefense side of the Federal Government.

As illustrated in Exhibit 1, a review of the disaster recovery plans and preparedness activities for data communications at four IRS facilities identified areas where improvements are needed. Detailed information on our review of the sites’ disaster recovery plans is contained in Appendix VI.

Exhibit 1: Status of Disaster Recovery Activities for Data Communications

IRS Facility              Plan      Plan      Plan Stored  Comprehensive         Sufficient Training
                          Prepared  Complete  Offsite      Exercise of the Plan  Conducted
MCC                       Yes       No        Yes          No                    Yes
TCC¹¹                     Yes       No        Yes          No                    No
Atlanta Campus            Yes       No        Yes          No                    Yes
Atlanta Territory Office  Yes       No        Yes          No                    No

Source: The Treasury Inspector General for Tax Administration’s review of site disaster recovery plans and discussions with management using requirements contained in NIST and IRS guidelines.

While each facility prepared a disaster recovery plan for data communications and stored it at its off-premises location, the plans did not contain all of the required components. In addition, the plans had not been comprehensively exercised and sufficient training had not been conducted for the disaster recovery teams.

The disaster recovery plans require additional information

The disaster recovery plans prepared by each site for data communications contained many of the required components.
In general, the disaster recovery plans contained an overview of the recovery strategy, recovery team member names and telephone numbers, recovery team responsibilities, notification procedures, contact information for vendors and suppliers, network/circuit diagrams, system backup requirements, and off-premises storage information. However, most of the plans did not contain the following information required by NIST and IRS guidelines:

• Recovery priorities and step-by-step restoration procedures.
• An inventory of hardware and software.
• A listing of Internet Protocol (IP)¹² addresses and circuits.
• A record of updates to the plan.

¹¹ The TCC had recently prepared a Technical Contingency Planning Document, which was regarded as the site’s disaster recovery plan for evaluative purposes since it contained many of the required components and was similar in format to a disaster recovery plan.

While management at the sites we visited did maintain an inventory of hardware and a listing of IP addresses, and stored this information at their off-premises locations, they did not include this information as part of their disaster recovery plans.
Inadequate disaster recovery plans diminish the assurance that the IRS can rapidly recover data communications at a site in an emergency and that the disaster recovery activities can be conducted efficiently. Management did not develop adequate disaster recovery plans because they were uncertain about exactly what information should have been included in the plans.

Additional testing of the plans and training of the disaster recovery personnel are needed

Each of the sites had not completed a comprehensive exercise of its disaster recovery plan for data communications. Management explained that the recovery of failed data communications devices is a day-to-day operational issue. While sites may not specifically document disaster recovery testing, they exercise their disaster recovery capabilities throughout the year in response to incidents, including the restoration of routers. Management also performs tests by annually powering off and restoring equipment and by participating in the disaster recovery exercises of other systems (e.g., mainframe computers).
In addition, management attributed the absence of a formal disaster recovery
test for data communications to their concern for disrupting operations.

[12] A Department of Defense standard protocol designed for use in
interconnected systems of computer communications networks.

According to NIST guidelines, a disaster recovery test should include
exercising each plan element, such as plan activation, team member notification
and reporting procedures, and system restoration from backup media. While the
day-to-day operational measures taken by management and staff in response to
daily data communications interruptions may diminish the need for testing
system restoration, exercising the remaining plan elements would improve the
site’s ability to recover timely. To obtain the most benefit from disaster
recovery testing, the test plan should contain detailed information, including
the scenario, test elements, evaluation criteria, and time periods. The results
of the test should be documented and lessons learned identified to improve plan
effectiveness.

Training was inadequate for the disaster recovery personnel because management
was unsure what the training should entail for their disaster recovery teams.
According to the NIST, recovery personnel should be trained at least annually
on the following elements:
• Purpose of the plan.
• Cross-team coordination and communication.
• Reporting procedures and security requirements.
• Team-specific processes and individual responsibilities.
The goal of disaster recovery training should be to train the disaster recovery
personnel to the extent that they are able to execute initial recovery
procedures without aid of the actual document, since a paper or electronic
version of the plan may be unavailable for the first few hours as a result of
the disaster.

Recommendations

The Chief, Information Technology Services, should ensure each site:

1. Reviews the disaster recovery plan for completeness and accuracy quarterly
   or whenever significant changes occur to any plan element.

Management’s Response: The MCC and TCC developed a process to perform quarterly
reviews. The first review will be completed by April 1, 2004. The Atlanta
Territory Manager implemented a controlled response process to ensure the
disaster recovery plan was reviewed.
The responses are due March 31, June 30, September 30, and December 31
requiring verification that each team has met and their respective disaster
recovery plans have been reviewed for accuracy. A Plan Changes or Reviews sheet
has been added to the plans to document all changes to and reviews of the
plans.

2. Periodically trains employees in their disaster recovery roles and
   responsibilities.

Management’s Response: Both the MCC and TCC will conduct yearly training
sessions beginning in September 2004 during the preplanning phase for this
year’s disaster recovery exercise. The Atlanta Territory Manager will ensure
the Telecommunications organization conducts an independent biannual disaster
recovery table exercise and documents it in the plan.

3. Performs at least one exercise of each disaster recovery plan element
   annually.

Management’s Response: Testing at the MCC and TCC is conducted more frequently
than on an annual basis. This includes participation in disaster recovery of
other systems (e.g., mainframe disaster recovery exercise).
Testing for this calendar year will be conducted by December 1, 2004. The
Atlanta Campus and Atlanta Territory Manager will coordinate with the Mission
Assurance Office to ensure annual disaster recovery testing is conducted.

The Data Communications Network Requires Additional Disaster Recovery and Risk
Management Measures

Presidential Decision Directive (PDD) 63, Critical Infrastructure Protection
(CIP),[13] dated May 1998, calls for a national effort to assure the security
of the nation’s critical infrastructure. The infrastructure includes systems
essential to the minimum operations of the economy and Federal Government, such
as telecommunications, banking and finance, energy, and transportation. PDD 63
also requires that each Federal Government department and agency prepare a plan
for protecting its own critical infrastructure. Executive Order 13231, Critical
Infrastructure Protection in the Information Age, issued October 2001,
reaffirms the need to continually take actions to secure information systems,
emergency preparedness communications, and physical assets.

[13] Homeland Security Presidential Directive 7, Critical Infrastructure
Identification, Prioritization, and Protection, issued December 17, 2003,
superseded PDD 63 and requires Federal agencies to identify and provide
information security protections commensurate with the risk and magnitude of
the harm resulting from the disruption or destruction of information.

The Department of the Treasury Critical Infrastructure Protection Plan (TCIPP),
dated August 30, 2002, stipulated that each departmental office and bureau is
responsible for identifying the critical assets under its control, assessing
the vulnerabilities of those assets, and assuring their availability,
integrity, confidentiality, survivability, and adequacy. According to the
TCIPP, critical infrastructure would include the physical and cyber assets that
support critical missions.
Physical assets include the facilities providing service to the public, while
cyber assets include networks, computers, applications, data, and information.
Each departmental office and bureau is also required to develop its own CIP
Management Plan addressing governance, risk management, critical asset
management, threat assessment, vulnerability/risk assessment, disaster recovery
planning and management, incident reporting and handling, and training and
awareness.

In February 2003, we reported that, while the IRS had not yet completed its CIP
Management Plan, it had taken significant steps in protecting its critical
assets.[14] Some of the required activities identified in the IRS’ draft CIP
Management Plan included:
• Critical asset identification.
• Vulnerability assessment.
• Disaster recovery planning.
• Risk management.

[14] Progress Has Been Made in Protecting Critical Assets (Reference Number
2003-20-047, dated February 2003).

As part of its CIP Program, the IRS identified 19 critical assets, which
included the data communications network. The IRS also completed a
vulnerability assessment in November 2000 for each of the critical assets.
However, the IRS has not completed the disaster recovery planning and risk
management activities for data communications, which could result in the
inability of the IRS to timely restore critical data communications in the
event of a disaster, potentially affecting the IRS’ ability to accomplish its
mission and serve taxpayers.

According to the draft CIP Management Plan, critical asset owners shall ensure
that disaster recovery plans cover their critical assets and that those plans
appropriately prioritize actions with respect to those critical assets. For
data communications, the disaster recovery plan should address the compromise
or incapacitation of the critical asset as a result of physical or cyber
attacks as well as natural disasters. Critical asset owners were also required
to develop and maintain a risk management plan. Risk management encompasses
those activities taken to identify, control, and reduce risks. The risk
management plan should be reviewed and revised annually or more frequently in
response to changes in the assessed risk.

IRS management explained that a disaster recovery plan and risk management plan
were not developed for the data communications network because they were
notified by the Department of the Treasury that critical assets were going to
be reidentified by the National Critical Infrastructure Assurance Office.
However, the IRS has not received any updated listing of its critical assets.
The CIP Program efforts have also stalled to some extent since the stand-up of
the Department of Homeland Security (DHS), which resulted in the former
Department of the Treasury’s Critical Infrastructure Protection Officer
transferring to the DHS.

Recommendation

4. The Chief, Information Technology Services, should complete the additional
   disaster recovery and risk management measures outlined in the IRS’ CIP
   Program for the data communications network.

Management’s Response: The Enterprise Networks organization will partner with
the End User Equipment and Services organization to identify critical points of
failure within the IRS’ local area networks. The Enterprise Networks
organization will also provide the names, responsible program areas, and
contact number of its management team to be included in site-specific disaster
recovery plans.

As the Treasury Communications System will soon be replaced with the Treasury
Communications Enterprise (TCE) managed services contract, all future risk
assessments of the wide or local area network(s) should be processed under the
TCE umbrella.
The Enterprise Networks organization will begin transitioning to the TCE in
Fiscal Year 2005.

Significant Investments to Enhance Network Availability and Recovery Capability
Should Require a Cost-Benefit Analysis

OMB Circular A-130 requires that agencies take cost-effective steps to manage
any disruption of service in the event of a disaster. In addition, the
Clinger-Cohen Act of 1996[15] (also referred to as the Information Technology
Management Reform Act) requires each Federal Government agency to establish
effective and efficient capital planning processes for selecting, managing, and
evaluating the results of all its major investments in information systems.

According to the NIST, agencies should perform a cost-benefit analysis to
identify the optimum recovery strategy.
The cost-benefit analysis should include the following for each alternative
considered:
• Assumptions and constraints of the business need/problem.
• A description of the alternative being considered.
• The benefits and costs on a full life-cycle basis.
• A risk analysis that addresses both technical and organizational risk.

[15] Pub. L. No. 104-106, 110 Stat. 642 (codified in scattered sections of
5 U.S.C., 5 U.S.C. app., 10 U.S.C., 15 U.S.C., 16 U.S.C., 18 U.S.C.,
22 U.S.C., 28 U.S.C., 29 U.S.C., 31 U.S.C., 38 U.S.C., 40 U.S.C.,
41 U.S.C., 42 U.S.C., 44 U.S.C., 49 U.S.C., 50 U.S.C.).

In April 2000, a team of IRS network engineers and contracted consultants
prepared the proposal for the IRS’ current ATM/Frame Relay[16] data
communications network. The network topology in Exhibit 2 shows the hierarchal
ATM network design for connections among the computing centers, campuses, and
Territory Offices.
The posts-of-duty have Frame Relay connectivity to the Territory Offices.

Exhibit 2: Network Topology
[Figure labels: Computing Center (CC); Campus (C); Territory Office (TO)]
Source: DCU Network Border Router Configuration and Redundancy Design, dated
April 20, 2000.

The goal was to design a consistent, highly available system architecture that
could be scaled to meet the current and future requirements. As illustrated in
Exhibit 3, the design provided for standardization of the border router
configuration within the IRS network and redundancy at each of the border
router locations.
The switches are paired with the border routers to avoid single points of
failure and to provide more than one access point into the ATM service
provider.

Exhibit 3: Network Border Router Configuration
[Figure labels: ATM Switch; Border Router; Domain Router]
Source: DCU Network Border Router Configuration and Redundancy Design, dated
April 20, 2000.

[16] Frame Relay is a high-speed protocol suited for data and image transfer.

The design provided for the capability that, in the event of a failure in the
primary or secondary communication path, the unaffected path would provide
alternate routing access and recovery. While the vendor concluded that the
proposed design and configuration presented the least amount of complexity and
cost while delivering the maximum level of capabilities and benefits, the IRS
did not prepare a formal cost-benefit analysis. Instead, the IRS engaged the
vendor to assess the old network, propose a new network design, and provide
cost estimates for the new ATM/Frame Relay network.

The proposed ATM/Frame Relay data communications network was estimated to cost
$4.9 million and was largely comprised of the vendor’s products and equipment.
Not conducting a formal cost-benefit analysis may have resulted in the IRS not
selecting the most feasible or cost-effective data communications network
design and recovery strategy that would support the needs of the business
units. IRS management explained that an immediate and significant upgrade to
the data communications network was necessary at the time and that the absence
of a cost-benefit analysis occurred primarily because they did not consider the
redesign of the network to be a separate information technology investment
project.

IRS management recognizes that, while there is a strong argument in favor of
ease of operations and management to use a single vendor environment, it
hinders their ability to leverage the IRS’ purchasing power. In fact, the
Enterprise Networks organization is actively assessing its data communications
network to implement improvements while reducing operational costs. For
example, a current IRS project is tasked with optimizing the data
communications network since it was based on the IRS’ organizational structure
prior to the reorganization, which has resulted in architectural inefficiencies
and operational issues.

One of the effectiveness measures identified by the project is to identify
potential cost savings opportunities (e.g., reduced hardware, circuits, etc.).
This effort should also include assessing the use of the bi-directional rings
that provide diverse traffic routing at some IRS locations. Our site survey
results showed that a bi-directional ring connecting the Campus and Territory
Office in Atlanta was not being used as advantageously as possible. For
example, the Territory Office currently does not use the bi-directional ring
for routing its data traffic; instead, the data are being sent over a separate
circuit. By implementing a solution that would permit the Territory Office to
shift its data traffic to the bi-directional ring, management could remove the
circuit and realize potential cost savings of $315,000[17] over 5 years.

Recommendations

The Chief, Information Technology Services, should ensure:

5. A cost-benefit analysis is prepared for projects redesigning the network
   architecture that result in a significant investment.

Management’s Response: The Enterprise Networks organization will develop a
suite of business case and alternative analysis processes for evaluating
significant investment projects, which will be used as a critical decision
factor in all recommendations and approvals.

6. The current IRS project tasked with optimizing the data communications
   network also assesses the use of the bi-directional rings.

Management’s Response: The Engineering Branch of the Enterprise Networks
organization will include the use and evaluation of bi-directional rings when
optimizing the data communications network.

[17] The potential cost savings of $315,000 would be reduced by any additional
costs to implement the solution.

Appendix I

Detailed Objective, Scope, and Methodology

The overall objective of this review was to determine whether the Internal
Revenue Service (IRS) developed and tested an effective telecommunications
disaster recovery strategy. To accomplish this objective, we:

I.      Reviewed the policies and procedures for completing a cost-benefit
        analysis during the development of a disaster recovery strategy to
        ensure redundancy and resiliency in the data communications
        architecture. We interviewed management and reviewed studies and
        analyses completed to establish the recommended disaster recovery
        strategy to determine whether a cost-benefit analysis was used to
        select the most efficient disaster recovery option. We also reviewed
        the IRS’ network topology to determine if the selected strategy was
        incorporated into the current data communications architecture.
II.     Reviewed the policies and procedures for developing and updating
        disaster recovery plans. We interviewed management at the visited sites
        about the preparation of a disaster recovery plan for
        telecommunications and about the effectiveness and efficiency of the
        current disaster recovery architecture. We also reviewed the disaster
        recovery plans at the visited sites to determine their adequacy and
        completeness for prompt recovery of data communications in the event of
        a disaster. In addition, we determined if measures were implemented to
        ensure uninterrupted telecommunications and reviewed the network
        topology to assess whether single points of failure had been
        sufficiently eliminated.
III.    Reviewed the policies and procedures for conducting disaster recovery
        tests and evaluating test results. In addition, we reviewed the
        disaster recovery test plans, test results, and test schedule at each
        site to identify the extent to which the disaster recovery capabilities
        for telecommunications were tested and whether identified deficiencies
        have been adequately addressed. At each site, we also identified
        training provided to the telecommunications disaster recovery staff
        related to their disaster recovery responsibilities.
IV.     Reviewed the policies and procedures for the Critical Infrastructure
        Protection (CIP)[1] Program to determine what additional actions the
        IRS requires for its critical assets.
        In addition, we interviewed management and reviewed documents prepared
        by the IRS to meet CIP Program requirements related to
        telecommunications.

[1] The CIP Program is a national effort to assure the security of the nation’s
critical infrastructure, which includes systems essential to the minimum
operations of the economy and Federal Government, such as telecommunications,
banking and finance, energy, and transportation.

Appendix II

Major Contributors to This Report

Margaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs)
Gary Hinkle, Director
Danny Verneuille, Audit Manager
Paul Mitchell, Senior Auditor
Van Warmke, Senior Auditor
Olivia Jasper, Auditor
Linda Screws, Auditor

Appendix III

Report Distribution List

Commissioner C
Office of the Commissioner – Attn: Chief of Staff C
Deputy Commissioner for Operations Support OS
Chief, Information Technology Services OS:CIO:I
Director, End User Equipment and Services OS:CIO:I:EU
Director, Enterprise Networks OS:CIO:I:EN
Acting Director, Portfolio Management OS:CIO:R:PM
Chief Counsel CC
National Taxpayer Advocate TA
Director, Office of Legislative Affairs CL:LA
Director, Office of Program Evaluation and Risk Analysis RAS:O
Office of Management Controls OS:CFO:AR:M
Audit Liaisons:
    Chief, Information Technology Services OS:CIO:I
    Director, End User Equipment and Services OS:CIO:I:EU
    Director, Enterprise Networks OS:CIO:I:EN
    Manager, Program Oversight and Coordination OS:CIO:R:PM:PO

Appendix IV

Outcome Measures

This appendix presents detailed information on the measurable impact that our
recommended corrective actions will have on tax administration. This benefit
will be incorporated into our Semiannual Report to the Congress.

Type and Value of Outcome Measure:
• Cost Savings, Funds Put to Better Use – Potential; $315,000 (see page 11).

Methodology Used to Measure the Reported Benefit:
We reviewed the use of the bi-directional ring[1] connecting the Campus[2] and
Territory Office[3] in Atlanta, Georgia. We determined that by shifting the
Territory Office’s data traffic to the bi-directional ring, management could
remove the current circuit for data traffic and realize potential cost savings
of $315,000[4] over 5 years.

Description                                                               Amount
Estimated average current monthly recurring charge of circuit used for
data traffic at the Territory Office.                                     $5,700
Estimated monthly recurring charge for using the bi-directional ring.     <$450>
Estimated monthly savings by shifting the data traffic to the
bi-directional ring.                                                      $5,250
Estimated 5-year savings ($5,250 * 12 months * 5 years).                $315,000

[1] A bi-directional ring reroutes traffic in the other direction if the
circuit is cut.
[2] The data processing arm of the Internal Revenue Service. The campuses
process paper and electronic submissions, correct errors, and forward data to
the computing centers for analysis and posting to taxpayer accounts.
[3] Territory Offices serve taxpayers within a specified geographical area.
[4] The potential cost savings of $315,000 would be reduced by any additional
costs to implement the solution.

Appendix V

Status of Additional Measures by Site to Ensure Uninterrupted Data
Communications

Checks [ ] represent those measures implemented at the site.

                                                                                Martinsburg   Tennessee   Atlanta     Atlanta
                                                                                Computing     Computing   Campus[2]   Territory
    Measure               Comments                                              Center[1]     Center                  Office[3]

 1. Risk Assessment       All sites had risk assessments completed on their
                          networks within the last 3 years.
 2. Backup Power          Each of the sites had an uninterruptible power
    Source                supply device and generator.
 3. Multiple              The Martinsburg Computing Center consisted of two
    Demarcation           buildings. Each building had a demarcation point,
    Points[4]             and there was a separate fiber cable connecting the
                          two buildings to provide redundancy.
 4. Spare Parts           All sites maintained some spare parts for repairs.
    Inventory
 5. Service Level         All sites had a service level agreement with
    Agreements With       vendors for repairs.
    Vendors
 6. Redundant             All sites had redundant circuits for network
    Circuits              connectivity.
 7. Network Diversity     All sites used bi-directional ring topology[5] or
                          microwave[6] to provide network diversity.

[1] Internal Revenue Service (IRS) computing centers support tax processing and
information management through a data processing and telecommunications
infrastructure.
[2] The data processing arm of the IRS. The campuses process paper and
electronic submissions, correct errors, and forward data to the computing
centers for analysis and posting to taxpayer accounts.
[3] Territory Offices serve taxpayers within a specified geographical area.
[4] The demarcation point is the interface location for telecommunications at
the customer’s premises.
[5] A bi-directional ring topology reroutes traffic in the other direction if
the circuit is cut.
[6] Microwave is a point-to-point, free-space technology providing an
alternative to a fiber-based network.

 8. Multiple              Except for the Martinsburg Computing Center,[8] all
    Carriers[7]           sites had only one local carrier for their data
                          communications circuits.
 9. System Backups        All sites were backing up critical files and
                          storing them at their off-premises location.
10.
Off-premises         All sites stored system recovery\n        Storage of           documentation at their\n        Documentation        off-premises location.\nSource: The Treasury Inspector General for Tax Administration\xe2\x80\x99s review of Internal Revenue Service documents\nand management discussions.\n\n\n\n\n7\n A carrier is a telecommunications company that provides communications transmission services to the public.\n8\n The Martinsburg Computing Center had microwave in addition to wire circuits for data communications, which\nwas provided by a different carrier.\n\n\n\n\n                                                                                                      Page 20\n\x0c                      Additional Disaster Recovery Planning, Testing, and Training\n                                 Are Needed for Data Communications\n\n                                                                                                Appendix VI\n\n\n               Status of Site Disaster Recovery Plans for Data Communications\n\n    Checks [ ] represent those items contained in the site\xe2\x80\x99s disaster recovery plan.\n\n                                                                  Martinsburg   Tennessee    Atlanta     Atlanta\n              Plan Requirement and Description                    Computing     Computing   Campus2     Territory\n                                                                          1                                     3\n                                                                    Center        Center                 Office\n\n    1.   Recovery Strategy Overview \xe2\x80\x93 A description of the\n         methods that provide recovery capability over the full\n         spectrum of incidents.\n\n    2.   Recovery Team Information \xe2\x80\x93 The name, role, and\n         telephone number for the recovery team leaders and\n         members.\n\n    3.   
Notification Procedures \xe2\x80\x93 A description of the\n         methods used to notify recovery personnel during\n         business and nonbusiness hours.\n\n    4.   Recovery Team Responsibilities \xe2\x80\x93 An overview of\n         team member roles and responsibilities in a\n         contingency situation.\n\n    5.   Recovery Priorities \xe2\x80\x93 A prioritized sequence of\n         recovery activities based upon the business impact\n         analysis.\n\n    6.   Restoration Procedures \xe2\x80\x93 Step-by-step procedures in\n         sequential order to restore data communications.\n\n    7.   Vendor and Supplier Information \xe2\x80\x93 The name,\n         address, and telephone number of telecommunications\n         vendors and suppliers.\n\n    8.   Critical Telephone List \xe2\x80\x93 The name and telephone\n         number of other critical personnel that may be needed\n         during the recovery process.\n\n    9.   Network/Circuit Diagrams \xe2\x80\x93 High- and low-level\n         topologies that depict the interconnectivity between\n         networks.\n\n\n\n\n1\n  Internal Revenue Service (IRS) computing centers support tax processing and information management through a\ndata processing and telecommunications infrastructure.\n2\n  The data processing arm of the IRS. 
The campuses process paper and electronic submissions, correct errors, and\nforward data to the computing centers for analysis and posting to taxpayer accounts.\n3\n  Territory Offices serve taxpayers within a specified geographical area.\n                                                                                                         Page 21\n\x0c                      Additional Disaster Recovery Planning, Testing, and Training\n                                 Are Needed for Data Communications\n\n    Checks [ ] represent those items contained in the site\xe2\x80\x99s disaster recovery plan.\n\n                                                                    Martinsburg   Tennessee   Atlanta    Atlanta\n              Plan Requirement and Description                      Computing     Computing   Campus    Territory\n                                                                      Center        Center               Office\n\n    10. Hardware and Software Inventory \xe2\x80\x93 A listing of\n        physical hardware (i.e., circuits, routers, and switches)\n        and computer software.\n\n    11. System Backup Requirements \xe2\x80\x93 File backup\n        frequency and rotation schedule for critical files stored\n        at the off-premises facility.\n                                           4\n    12. Listing of Internet Protocol (IP) Addresses and\n        Circuits \xe2\x80\x93 A listing of the IP addresses and circuits for\n        both the facility and other supported sites.\n    13. Off-premises Storage Information \xe2\x80\x93 The name,\n        address, and telephone number of the off-premises\n        storage facility.\n    14. 
Record of Changes \xe2\x80\x93 A record of plan modifications\n        that includes the page number, change comment, and\n        date of change.\nSource: The National Institute of Standards and Technology Special Publication 800-34, Contingency Planning\nGuide for Information Technology Systems, the Internal Revenue Service\xe2\x80\x99s Internal Revenue Manual and Disaster\nRecovery Plan Template, and the Treasury Inspector General for Tax Administration\xe2\x80\x99s review of site disaster\nrecovery plans.\n\n\n\n\n4\n A Department of Defense standard protocol designed for use in interconnected systems of computer\ncommunications networks.\n                                                                                                        Page 22\n\x0cAdditional Disaster Recovery Planning, Testing, and Training\n           Are Needed for Data Communications\n\n                                                           Appendix VII\n\n\n\n     Management\xe2\x80\x99s Response to the Draft Report\n\n\n\n\n                                                                 Page 23\n\x0cAdditional Disaster Recovery Planning, Testing, and Training\n           Are Needed for Data Communications\n\n\n\n\n                                                               Page 24\n\x0cAdditional Disaster Recovery Planning, Testing, and Training\n           Are Needed for Data Communications\n\n\n\n\n                                                               Page 25\n\x0cAdditional Disaster Recovery Planning, Testing, and Training\n           Are Needed for Data Communications\n\n\n\n\n                                                               Page 26\n\x0cAdditional Disaster Recovery Planning, Testing, and Training\n           Are Needed for Data Communications\n\n\n\n\n                                                               Page 27\n\x0cAdditional Disaster Recovery Planning, Testing, and Training\n           Are Needed for Data Communications\n\n\n\n\n       
'